How can we build LoRa systems that are provably secure against cyber-attack? In March MWR will be releasing guidance to help

We already have GSM, Bluetooth, Bluetooth Low Energy (BTLE), 6LowPAN, WiFi and Zigbee. So why introduce yet more wireless technology into this flooded market? There's actually a gap, and it's one that is under some fierce competition to fill.

If we want range, then there are already long range radio protocols, but these draw a lot of power so are not suitable for smaller, remote devices. We also have low power solutions like ZigBee or BTLE, but these are limited in range to tens of meters. Many markets now require a long range solution that only sends occasional, small amounts of data and could run off a battery for years.

LoRa and its primary protocol LoRaWAN, are capable of filling this gap in the wireless communications market. Transmitting over many kilometres (depending on environment) and powered by a battery that can last for years. With such promises, several sectors are now picking up this technology to take advantage of these features.

Smart cities are one such field. The goal of a smart city is to use metrics taken from across the city to reduce waste and increase efficiency. The city of Santander is a test bed for a range of smart city technology. One such example is that it measures current levels in dumpsters to decide which need to be collected and produce the most efficient routes to take for the day. It seems minor, but through dozens of such schemes the city claims to have reduced energy usage by as much as 25%.

Security in such scenarios can seem a little silly. Why do we care if someone can read how much trash is in a dumpster?

Obviously we don't. But we do care about the systems gathering this information, and we certainly care when these same protocols start being used for more important tasks, such as controlling level crossings, or sending signals from burglar alarms. There is a risk with any technology or protocol of scope creep. Where at the beginning we did not care about security due to the context, because of its success and relative maturity it creeps in to new sectors without review.

LoRaWAN has been designed with several very effective security features, but simply stating that a technology "uses AES-128 encryption" does not mean that solutions using this technology are therefore secure. So how can we build systems that are provably secure against cyber-attack?

To address this, MWR will be releasing guidance on LoRa, which will be published during Syscan 360 in Singapore.

MWR InfoSecurity provide specialist advice and solutions in all areas of cyber security, from professional and managed services, through to developing commercial and open source security tools. More about MWR.